From 7fee2fe29b250f80b8b0d45be92ceac3c601364c Mon Sep 17 00:00:00 2001
From: Laine Gholson <laine.gholson@gmail.com>
Date: Thu, 26 Nov 2015 13:53:35 -0600
Subject: [PATCH] Show SHA384 certificates as secure

---
 testssl.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 5d13eb8..619bb61 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -2111,10 +2111,11 @@ run_server_defaults() {
      case $sig_algo in
           sha1WithRSAEncryption)   pr_brownln "SHA1 with RSA" ;;
           sha256WithRSAEncryption) pr_litegreenln "SHA256 with RSA" ;;
+          sha384WithRSAEncryption) pr_litegreenln "SHA384 with RSA" ;;
           sha512WithRSAEncryption) pr_litegreenln "SHA512 with RSA" ;;
           ecdsa-with-SHA256)       pr_litegreenln "ECDSA with SHA256" ;;
           md5*)                    pr_redln "MD5" ;;
-          *)                       outln "$algo" ;;
+          *)                       outln "$sig_algo" ;;
      esac
      # old, but interesting: https://blog.hboeck.de/archives/754-Playing-with-the-EFF-SSL-Observatory.html
 
@@ -2167,7 +2168,7 @@ run_server_defaults() {
                #FIXME: this is irritating and needs to be redone. Then also the wildcard match needs to be tested against  "$cn_nosni"
           elif [[ -z "$cn_nosni" ]]; then
                out " (request w/o SNI didn't succeed";
-               [[ $algo =~ ecdsa ]] && out ", usual for EC certificates"
+               [[ $sig_algo =~ ecdsa ]] && out ", usual for EC certificates"
                outln ")"
           elif [[ "$cn_nosni" == "*no CN field*" ]]; then
                outln ", (request w/o SNI: $cn_nosni)"